Network Time Security
Summary
Support the Network Time Security (NTS) authentication mechanism for the Network Time Protocol (NTP).
Owner
- Name: Miroslav Lichvar
- Email: mlichvar@redhat.com
Current status
- Targeted release: Fedora 33
- Last updated: 2020-03-31
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
NTP is a widely used protocol for synchronizing clocks over a network. Authentication of NTP packets is important to prevent a man-in-the-middle (MITM) attacker from taking control of an NTP client (e.g. forcing it to jump into the distant future or past). Several different authentication mechanisms have been specified for NTP. The oldest and simplest one uses symmetric secret keys, where each client has its own key that needs to be securely distributed to both the server and the client; this mostly limits it to local networks. Autokey is a newer mechanism based on public-key cryptography, but it was shown to be insecure and is rarely supported on public servers.
NTS is a new authentication mechanism for NTP specified by the IETF. It consists of a key-establishment protocol (NTS-KE), which runs over Transport Layer Security (TLS) to negotiate the keys and hand the client a set of cookies, and an NTP extension that authenticates the NTP packets with Authenticated Encryption with Associated Data (AEAD). Because the cookies carry the per-client state, the NTP server does not need to keep any state for its clients, and NTS is expected to scale well to a large number of clients. There are already some public NTP servers with NTS support.
The default NTP client and server on Fedora is chrony. Support for NTS is added in version 4.0. It uses the GnuTLS library for TLS and the Nettle library for AEAD.
NTS authentication can be enabled on the client by adding the nts option to the server or pool directive in /etc/chrony.conf. Until a standard port is assigned for NTS by IANA, the port may need to be specified with the ntsport option. For example:
server foo.example.com iburst nts ntsport 12123
Special care must be taken when mixing authenticated and unauthenticated NTP sources, e.g. servers from the pool.ntp.org project, or local NTP servers provided by DHCP (unless they are disabled by adding PEERNTP=no to /etc/sysconfig/network). To prevent an attacker from making a large adjustment of the clock by modifying the responses from (a majority of) the unauthenticated sources, the require and trust options must be specified for the authenticated sources. This way, the unauthenticated sources are used only when they agree with the authenticated sources, and in that case they can still contribute to the stability and accuracy of the synchronization.
The default /etc/chrony.conf can be modified to use trusted public NTP servers with NTS support. There are public servers provided by Cloudflare and Netnod. Both would be ok with Fedora using their servers by default (with some testing and coordination). Another possibility for Fedora is to consider running its own NTP servers.
Benefit to Fedora
This change enables Fedora users to securely synchronize the system clock to local or public NTP servers.
TBD: This change also makes the default configuration of the NTP client secure.
Scope
- Proposal owners:
  - Update chrony to 4.0 and enable the NTS support (adding a dependency on GnuTLS)
  - TBD: Modify /etc/chrony.conf to use a public server with NTS support
  - TBD: Add support for configuring NTS to the installer
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Fedora systems updated from a previous version will use the new /etc/chrony.conf automatically if the installed file was not modified. If it was modified, the users will need to update the file manually or rename /etc/chrony.conf.rpmnew to /etc/chrony.conf in order to enable NTS.
How To Test
If the default configuration is modified for this Change, it needs to be tested that it works correctly on most systems where the previous configuration worked. The NTS-KE port may be blocked in firewalls. Large NTP packets on port 123 may be blocked or rate-limited by ISPs. (NTS-KE supports port negotiation, so an alternative port could be used to avoid this issue.)
If the installer was modified to support NTS, it needs to be tested that the generated configuration file is correct.
The chronyc -N sources command can be used to verify that NTP sources are responding, and the chronyc ntpdata command shows which sources are authenticated. For example:

# chronyc -N sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.cloudflare.com           3   6   377    28   -115us[ -111us] +/-   13ms
^+ nts.ntp.se                    2   6   377    27   +212us[ +212us] +/-   22ms
# chronyc ntpdata | grep Auth
Authenticated   : Yes
Authenticated   : Yes
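The grep above shows the flags but not which source each one belongs to, and on a host mixing NTS and plain sources it is easy to miss a single "No". The following is an added example (not part of the Change or of chrony) of a small POSIX shell check that pairs each Authenticated field of chronyc ntpdata output with its Remote address, prints every unauthenticated source, and fails if there is one. The sample output it runs on is constructed for the example, using documentation addresses.

```shell
#!/bin/sh
# Added example (not from the Change proposal or from chrony): verify that
# every source reported by "chronyc ntpdata" is authenticated.
#
# Live usage:   chronyc ntpdata | check_authenticated
# Exit status is 0 when all sources are authenticated and 1 otherwise;
# the addresses of unauthenticated sources are printed, one per line.
check_authenticated() {
    awk '
        BEGIN { bad = 0 }
        /^Remote address[[:space:]]*:/ {
            addr = $0
            sub(/^[^:]*:[[:space:]]*/, "", addr)   # drop the field name
            sub(/[[:space:]]*\(.*$/, "", addr)     # drop the "(refid)" suffix
        }
        /^Authenticated[[:space:]]*:/ {
            value = $0
            sub(/^[^:]*:[[:space:]]*/, "", value)
            if (value != "Yes") { print addr; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample in the shape of "chronyc ntpdata" output (documentation
# addresses, only the fields the check needs; not captured from a real host).
SAMPLE_ALL_AUTH='Remote address  : 192.0.2.10 (C000020A)
Remote port     : 123
Mode            : Server
Stratum         : 2
Authenticated   : Yes

Remote address  : 192.0.2.11 (C000020B)
Remote port     : 123
Mode            : Server
Stratum         : 2
Authenticated   : Yes
'

# Same, plus a third source in the style of a plain pool server without NTS.
SAMPLE_MIXED="${SAMPLE_ALL_AUTH}
Remote address  : 198.51.100.7 (C6336407)
Remote port     : 123
Mode            : Server
Stratum         : 3
Authenticated   : No
"

if printf '%s' "$SAMPLE_MIXED" | check_authenticated; then
    echo "all sources authenticated"
else
    echo "unauthenticated source(s) listed above"
fi
```

On a real host, replace the constructed samples with the live command. An unauthenticated source is not necessarily a misconfiguration (a pool server used under require/trust is expected to show No), but the check makes sure no source was left unauthenticated by accident, for instance an nts option dropped from a server line.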
User Experience
NTS can be enabled on NTP clients and servers. The directives and options are documented in the chrony.conf man page.
If the installer was modified to support NTS, a new checkbox or dialog will be visible to the user during installation.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change)
- Blocks product?
Documentation
N/A (not a System Wide Change)
Release Notes
TBD